361 matches found
SUSE-SA:2006:001: xpdf,kpdf,gpdf,kword
The remote host is missing the patch for the advisory SUSE-SA:2006:001 xpdf,kpdf,gpdf,kword. 'infamous41md', Chris Evans and Dirk Mueller discovered multiple places in xpdf code where integer variables are insufficiently checked for range or overflow. Specially crafted PDF files could lead to...
Fedora Core 3 : tetex-2.0.2-21.7.FC3 (2006-029)
Several flaws were discovered in the way teTeX processes PDF files. An attacker could construct a carefully crafted PDF file that could cause poppler to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the names CVE-2005-3624,...
[SECURITY] [DSA 937-1] New tetex-bin packages fix arbitrary code execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 937-1 [email protected] http://www.debian.org/security/ Martin Schulze January 12th, 2006 http://www.debian.org/security/faq -...
[SECURITY] [DSA 937-1] New tetex-bin packages fix arbitrary code execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 937-1 [email protected] http://www.debian.org/security/ Martin Schulze January 12th, 2006 http://www.debian.org/security/faq -...
DSA-937-1 tetex-bin - buffer overflows
Bulletin has no description...
USN-236-2: xpdf vulnerabilities in kword, kpdf
USN-236-1 fixed several vulnerabilities in xpdf. kpdf and kword contain copies of xpdf code and are thus vulnerable to the same issues. For reference, this is the original advisory: Chris Evans discovered several integer overflows in the XPDF code, which is present in xpdf, the Poppler library, a...
CVE-2005-3625
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service infinite loop via streams that end prematurely, as demonstrated using the 1 CCITTFaxDecode and 2 DCTDecode streams, aka "Infinite CPU spins."...
CVE-2005-3625
CVE-2005-3625 is confirmed to affect Xpdf and related tools (gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, etc.). The issue is a denial-of-service in PDF stream handling where streams that end prematurely can cause an infinite loop, demonstrated for the CCITTFaxDecode and DCTDecode s...
CVE-2005-3624
CVE-2005-3624 affects multiple PDF tools (xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, etc.). The issue is in CCITTFaxDecode handling in Stream.cc, where negative or very large integers can trigger integer overflows/underflows, leading to heap corruption. The documented impact...
CVE-2005-3627
CVE-2005-3627 is a vulnerability in Xpdf (Stream.cc) affecting multiple products using Xpdf code paths (e.g., gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor). The issue arises in DCTDecode stream handling: (1) an unchecked large number of components value in DCTStream::readBaselineSOF/...
USN-236-1: xpdf vulnerabilities
Chris Evans discovered several integer overflows in the XPDF code, which is present in xpdf, the Poppler library, and tetex-bin. By tricking an user into opening a specially crafted PDF file, an attacker could exploit this to execute arbitrary code with the privileges of the application that...
CVE-2005-3627
Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with 1 a large "number of components" value that is not checked by...
CVE-2005-3628
Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors...
CVE-2005-3192
Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as 1 Poppler, 2 teTeX, 3 KDE kpdf, and 4 pdftohtml, 5 KOffice KWord, 6 CUPS, and 7 libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps number o...
CVE-2005-3192
Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as 1 Poppler, 2 teTeX, 3 KDE kpdf, and 4 pdftohtml, 5 KOffice KWord, 6 CUPS, and 7 libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps number o...
Fedora Core 4 : tetex-3.0-7.FC4 (2005-1126)
Several flaws were discovered in Xpdf. An attacker could construct a carefully crafted PDF file that could cause Xpdf to crash or possibly execute arbitrary code when opened. The teTeX package contains a copy of the Xpdf code used for parsing PDF files and is therefore affected by this bug.The...
Fedora Core 3 : tetex-2.0.2-21.5 (2005-1127)
Several flaws were discovered in Xpdf. An attacker could construct a carefully crafted PDF file that could cause Xpdf to crash or possibly execute arbitrary code when opened. The teTeX package contains a copy of the Xpdf code used for parsing PDF files and is therefore affected by this bug.The...
DEBIAN-CVE-2005-3193
Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code JPXStream.c for xpdf 3.01 and earlier, as used in products such as 1 Poppler, 2 teTeX, 3 KDE kpdf, 4 CUPS, and 5 libextractor allows user-assisted attackers to cause a denial of service heap...
CVE-2005-1065
tetex in Novell Linux Desktop 9 allows local users to determine the existence of arbitrary files via a symlink attack in the /var/cache/fonts directory...
CVE-2005-1065
The vulnerability CVE-2005-1065 affects tetex in Novell Linux Desktop 9. An attacker with local access can determine the existence of arbitrary files via a symlink attack in /var/cache/fonts, enabling partial confidentiality impact without authentication. The common root cause is a symlink handli...